/etc/sudoers.d/ceph-admin is owned by uid 1000, should be 0

Bug #1971498 reported by John Fulton
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Medium
Assigned to: John Fulton
Milestone: none listed

Bug Description

While deploying Ceph w/ 'openstack overcloud ceph deploy' the following was observed in the journal:

  May 03 16:58:48 standalone.localdomain ceph-8cc7641a-9465-5bf1-8d5a-6d9b4502dd25-mgr-standalone-localdomain-mdbrvd[25167]: sudo: /etc/sudoers.d/ceph-admin is owned by uid 1000, should be 0
  ...
  May 03 16:58:48 standalone.localdomain sudo[26407]: ceph-admin : user NOT in sudoers ; PWD=/home/ceph-admin ; USER=root ; COMMAND=/bin/python3 -c import sys;exec(eval(sys.stdin.readline()))
  May 03 16:58:48 standalone.localdomain sshd[26406]: Received disconnect from 104.130.209.29 port 56638:11: disconnected by user

This was reproduced by our CI:

https://a1e2d113e9dec0e38dab-f41a14b9b9124c0084e146d917381dc8.ssl.cf5.rackcdn.com/834352/55/check/tripleo-ci-centos-9-scenario001-standalone/05dd715/logs/undercloud/var/log/extra/journal.txt

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-ansible (master)
Changed in tripleo:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-ansible/+/840385
Committed: https://opendev.org/openstack/tripleo-ansible/commit/0c63117897236f6ee27b1474dae3a5397840e346
Submitter: "Zuul (22348)"
Branch: master

commit 0c63117897236f6ee27b1474dae3a5397840e346
Author: John Fulton <email address hidden>
Date: Tue May 3 17:36:16 2022 -0400

    Files in /etc/sudoers.d/ should be owned by root

    Set owner and group to root when calling Ansible copy
    module to create /etc/sudoers.d/{{ tripleo_admin_user }}
    in tripleo_create_admin role.

    Change-Id: I9efc5c5fd53ac89710bb9c5f4721f6afb55d8e3c
    Closes-Bug: #1971498

Changed in tripleo:
status: In Progress → Fix Released
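
The failure in this report is silent at copy time: the drop-in is written, but sudo rejects it later because of its owner. The following is an added example, not code from tripleo-ansible, of a post-deploy audit that reports such files using the wording of the journal line above. The function and parameter names are hypothetical, the sample drop-in content is constructed, and the group and write-bit checks are a stricter policy chosen for this example to match the fix (owner and group root).

```python
import os
import stat
import sys
import tempfile


def audit_sudoers_dir(path, required_uid=0, required_gid=0):
    """Return (file, problem) pairs for drop-ins that fail the checks."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.stat(full)
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular files are audited here
        if st.st_uid != required_uid:
            # Same wording as the sudo message quoted in the bug description.
            findings.append((full, f"is owned by uid {st.st_uid}, should be {required_uid}"))
        if st.st_gid != required_gid:
            findings.append((full, f"is owned by gid {st.st_gid}, should be {required_gid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((full, f"mode {mode:04o} is group- or world-writable"))
    return findings


def demo():
    """Constructed sample: one drop-in in a temp dir, audited three ways."""
    with tempfile.TemporaryDirectory() as d:
        dropin = os.path.join(d, "ceph-admin")
        with open(dropin, "w") as f:
            f.write("ceph-admin ALL=(root) NOPASSWD:ALL\n")  # constructed content
        os.chmod(dropin, 0o440)
        st = os.stat(dropin)
        # Stand-ins so this runs unprivileged: the file's real owner plays
        # "root" in the passing case; any other uid reproduces the bug.
        ok = audit_sudoers_dir(d, st.st_uid, st.st_gid)
        wrong_owner = audit_sudoers_dir(d, st.st_uid + 1, st.st_gid)
        os.chmod(dropin, 0o664)
        writable = audit_sudoers_dir(d, st.st_uid, st.st_gid)
        return ok, wrong_owner, writable


if __name__ == "__main__":
    # Reading /etc/sudoers.d usually requires root.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/sudoers.d"
    for path, problem in audit_sudoers_dir(target):
        print(f"{path} {problem}")
```

With the defaults (uid 0, gid 0) an empty result means every regular file in the directory passes; any line printed names a drop-in to fix before relying on it.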
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-ansible/+/840489

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-ansible/+/840489
Committed: https://opendev.org/openstack/tripleo-ansible/commit/96104ee734142542b746df3919e681d22ef21104
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 96104ee734142542b746df3919e681d22ef21104
Author: John Fulton <email address hidden>
Date: Tue May 3 17:36:16 2022 -0400

    Files in /etc/sudoers.d/ should be owned by root

    Set owner and group to root when calling Ansible copy
    module to create /etc/sudoers.d/{{ tripleo_admin_user }}
    in tripleo_create_admin role.

    Change-Id: I9efc5c5fd53ac89710bb9c5f4721f6afb55d8e3c
    Closes-Bug: #1971498
    (cherry picked from commit 0c63117897236f6ee27b1474dae3a5397840e346)

tags: added: in-stable-wallaby
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-ansible 5.0.0

This issue was fixed in the openstack/tripleo-ansible 5.0.0 release.
